Information Security Commons^™

Understanding And Combatting Terrorist Networks: Coupling Social Media Mining With Social Network Analysis, Benn Van Den Ende

Australian Information Security Management Conference

Throughout the past decade the methods employed by terrorist organisations have changed drastically. One of these key changes has been associated with the rise of social media such as Facebook, Twitter, YouTube and blogging in general. Terrorist organisations appear to be using the wide reach and vast network capabilities created by social media to disseminate propaganda, radicalise susceptible individuals, recruit potential fighters and communicate strategic and operational objectives. However, this growing terrorist presence on Social Media can also offer invaluable insights into the social networks of terrorist organisations through the use of Social Media Mining and Social Network Analysis. By …

Accelerating Ntruencrypt For In-Browser Cryptography Utilising Graphical Processing Units And Webgl, Dajne Win, Seth Hall, Alastair Nisbet

Australian Information Security Management Conference

One of the challenges encryption faces is it is computationally intensive and therefore slow, it is vital to find faster methods to accelerate modern encryption algorithms to keep performance high whilst also preserving information security. Users often do not want to wait for applications to become responsive, applications on limited devices such as mobiles often compromise security in order to keep execution times quick. Often they use algorithms and key sizes which are not considered cryptographically secure in order to maintain a smooth user experience. Emerging approaches have begun using a devices Graphics Processing Unit (GPU) to offload some of …

A Survey Of Social Media Users Privacy Settings & Information Disclosure, Mashael Aljohani, Alastair Nisbet, Kelly Blincoe

Australian Information Security Management Conference

This research utilises a comprehensive survey to ascertain the level of social networking site personal information disclosure by members at the time of joining the membership and their subsequent postings to the sites. Areas examined are the type of information they reveal, their level of knowledge and awareness regarding how their information is protected by SNSs and the awareness of risks that over-sharing may pose. Additionally, this research studies the effect of gender, age, education, and level of privacy concern on the amount and kind of personal information disclosure and privacy settings applied. A social experiment was then run for …

A Privacy Gap Around The Internet Of Things For Open-Source Projects, Brian Cusack, Reza Khaleghparast

Australian Information Security Management Conference

The Internet of Things (IoT) is having a more important role in the everyday lives of people. The distribution of connectivity across social and personal interaction discloses personalised information and gives access to a sphere of sensitivities that were previously masked. Privacy measures and security to protect personal sensitivities are weak and in their infancy. In this paper we review the issue of privacy in the context of IoT open-source projects, and the IoT security concerns. A proposal is made to create a privacy bubble around the interoperability of devices and systems and a filter layer to mitigate the exploitation …

Future Of Australia’S Etp: Script Exchange, Script Vault Or Secure Mobile Alternative, Kyaw Kyaw Htat, Patricia A. H. Williams, Vincent Mccauley

Australian Information Security Management Conference

Electronic transfer of prescriptions is an essential element of electronic medications management. Unfortunately, current manual and preliminary electronic transfer of prescription methods are not patient focussed, leading to a suboptimal solution for the patient. This is increasingly relevant in the push for more patient engagement in their own healthcare. The area is highly controlled by legislation and regulation. Through research and an analysis of the possible methods to improve and personalise electronic transfer of prescriptions, this paper provides an overview of these conclusions, and presents an alternative technical solution. The solution has been derived from a number of experiments in …

The Proceedings Of 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia, Mike Johnstone

Australian Information Security Management Conference

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year.

The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia …

An Analysis Of Chosen Alarm Code Pin Numbers & Their Weakness Against A Modified Brute Force Attack, Alastair Nisbet, Maria Kim

Australian Information Security Management Conference

Home and commercial alarms are an integral physical security measure that have become so commonplace that little thought is given to the security that they may or may not provide. Whilst the focus has shifted from physical security in the past to cyber security in the present, physical security for protecting assets may be just as important for many business organisations. This research looks at 700 genuine alarm PIN codes chosen by users to arm and disarm alarm systems in a commercial environment. A comparison is made with a study of millions of PIN numbers unrelated to alarms to compare …

Using Graphic Methods To Challenge Cryptographic Performance, Brian Cusack, Erin Chapman

Australian Information Security Management Conference

Block and stream ciphers have formed the traditional basis for the standardisation of commercial ciphers in the DES, AES, RC4, and so on. More recently alternative graphic methods such as Elliptic Curve Cryptography (ECC) have been adopted for performance gains. In this research we reviewed a range of graphic and non-graphic methods and then designed our own cipher system based on several graphic methods, including Visual Cryptography (VC). We then tested our cipher against RC4 and the AES algorithms for performance and security. The results showed that a graphics based construct may deliver comparable or improved security and performance in …

Celestial Sources For Random Number Generation, Erin Chapman, Jerina Grewar, Tim Natusch

Australian Information Security Management Conference

In this paper, we present an alternative method of gathering seed data for random number generation (RNG) in cryptographic applications. Our proposed method utilises the inherent randomness of signal data from celestial sources in radio astronomy to provide seeds for RNG. The data sets were collected from two separate celestial sources, and run through the SHA-256 algorithm to deskew the data and produce random numbers with a uniform distribution. The resulting data sets pass all tests in the NIST Statistical Test Suite for random data, with a mean of 98.9% of the 512 total bitstreams from the two sources passing …

A Hybrid Behaviour Recognition And Intrusion Detection Method For Mobile Devices, Ashley Woodiss-Field

Australian Information Security Management Conference

Behaviour-based authorisation is a technique that assesses the user of a device for authenticity by comparing their activities to previously established behaviour profiles. Passwords and other point of entry authorisation techniques are often inadequate for protecting mobile device security as they only provide an initial barrier to usage and do not operate continuously. Behaviour-based authorisation continuously assesses user authorisation, using the device owner’s profile for authentication. This research improves upon behaviour-based authorisation performance by applying a hybridised intrusion detection method. The constituent intrusion detection methods that were applied include context-awareness and self-correction. Performance of a behaviour-based authorisation method can be …

An Investigation Of Potential Wireless Security Issues In Traffic Lights, Brian Bettany, Michael N. Johnstone, Matthew Peacock

Australian Information Security Management Conference

The purpose of automated traffic light systems is to safely and effectively manage the flow of vehicles through (usually) urban environments. Through the use of wireless-based communication protocols, sets of traffic lights are increasingly being connected to larger systems and also being remotely accessed for management purposes, both for monitoring and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus systems may operate with sub-standard or non-existent security implementations. This research aims to test if the same issues and vulnerabilities that appear to be present in traffic light systems in the USA are prevalent …